<?php
// as a part of SuccessURL script
// your registration data
$mrh_pass1 = "pass1";  // merchant pass1 here

$out_summ = $_REQUEST["OutSum"];
$inv_id = $_REQUEST["InvId"];
$crc = $_REQUEST["SignatureValue"];
$shp_item = $_REQUEST["Shp_item"];
$shp_mode = $_REQUEST["Shp_mode"];

// HTTP parameters: $out_summ, $inv_id, $crc
$crc = strtoupper($crc);   // force uppercase

// build own CRC
$my_crc = strtoupper(md5("$out_summ:$inv_id:$mrh_pass1:Shp_item=$shp_item:Shp_mode=$shp_mode"));

if (strtoupper($my_crc) != strtoupper($crc))
{
  echo "bad sign\n";
  exit();
}

// you can check here, that resultURL was called 
// (for better security)

// OK, payment proceeds
$URL="http://domen.ru/index.php?option=com_virtuemart&page=account.order_details&order_id=".$inv_id."&Itemid=10";

header ("Location: $URL");

?>